Centric is collaborating with customers and partners on identifying and addressing the recently discovered Apache Log4j vulnerability. Please find our latest information update down below.
The last few days we successfully continued with scanning of our environment. Where needed, we executed patching (2.17.1). So far, there are no indications that the Apache Log4j vulnerability has been exploited in any of our systems or services.
There are still situations where a patch is needed but where we are depending on our integration partners to come up with a solution. We continue to closely monitor these partners and implement and test their solutions as quickly as possible.
Due to the widespread use of the Log4J functionality and the time that is needed to patch systems we have organized ourselves to enable and secure a long-term focus on it. We have changed the Crisis Management Team into a project team that will deal with all the activities to eliminate risks of the Log4J vulnerability in the long run. We advise our customers to do the same and continue to focus on solving this vulnerability, together with their third-party software and integration vendors.